[security-dev 00617]: Re: SNI support in JSSE

2009-02-25 Thread Michael Tandy
of this situation is using an HttpsURLConnection. I guess it would be OK to ask users who wanted SNI support to do that, though. What do you think? Michael Tandy Xuelei Fan wrote: > It is appreciated that you'd like to investigate it. > > If you need more information about the current framework of TLS/JS

[security-dev 00618]: Re: SNI support in JSSE

2009-02-25 Thread Michael Tandy
of this situation is using an HttpsURLConnection. I guess it would be OK to ask users who wanted SNI support to do that, though. What do you think? Michael Tandy Xuelei Fan wrote: > It is appreciated that you'd like to investigate it. > > If you need more information about the current framework of TLS/JS

[security-dev 00626]: Re: SNI support in JSSE

2009-02-27 Thread Michael Tandy
ld be OK to ask users who >> wanted SNI support to do that, though. What do you think? >> >> > > Yes, need to disable SSLv2Hello. But you can also choose to disable > SSLv2Hello when enabling SNI extension in the implementation. > > > Andrew >> >> Michae

[security-dev 00628]: Re: SNI support in JSSE

2009-02-27 Thread Michael Tandy
> We can enable it always, I think, just as the EC extension does now. But > we need to consider a very small part of old servers which are not ready to > read any extension data field, so we might need an approach to disable all > extensions. Maybe adding a new system property to switch the exte

[security-dev 00637]: Re: SNI support in JSSE

2009-03-02 Thread Michael Tandy
> Good point. But for FIPS-140 compliant. TLS1.0 should be used, SSL v2 Hello > will not be used in a FIPS validated environment. On the subject of FIPS, perhaps you can answer a question: I gather we have FIPS support [3], but from the documentation [4] I've got no idea of how to enable it. >> D

[security-dev 00649]: Re: code review request: 4773451 Support IP address based virtual hosting in default KeyManager implementation

2009-03-03 Thread Michael Tandy
ng your fix for this bug as an example of how we might implement SNI in the future. > BTW, could I cc to security-...@openjdk.java.net? Done. Michael 2009/3/3 Xuelei Fan : > Michael Tandy wrote: >> >> I was wondering - I see you get the host name using: >> >

[security-dev 00666]: Re: SNI support in JSSE

2009-03-05 Thread Michael Tandy
loExtensions" is unset, or set to "no" http://michaelt.uwcs.co.uk/openjdk_sni_webrev/ 2009/3/2 Xuelei Fan : > Michael Tandy wrote: >>> >>> Good point. But for FIPS-140 compliant. TLS1.0 should be used, SSL v2 >>> Hello >>> will not be used in a